Problem: sendmail-8.14.5-85.1.2.x86_64 conflicts with postfix provided by postfix-2.9.6-1.2.1.x86_64 Solution 1: Following actions will be done: do not install postfix-2.9.6-1.2.1.x86_64 do not install postfix-mysql-2.9.6-1.2.1.x86_64 Solution 2: deinstallation of sendmail-8.14.5-85.1.2.x86_64

To secure the MySQL installation

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the currentpassword for the root user. If you've just installed MySQL, andyou haven't set the root password yet, the password will be blank,so you should just press enter here.

By default, a MySQL installation has an anonymous user, allowing anyoneto log into MySQL without having to have a user account created forthem. This is intended only for testing, and to make the installationgo a bit smoother. You should remove them before moving into aproduction environment.

Remove anonymous users? [Y/n] <-- Y ... Success!

Normally, root should only be allowed to connect from 'localhost'. Thisensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- Y ... Success!

By default, MySQL comes with a database named 'test' that anyone canaccess. This is also intended only for testing, and should be removedbefore moving into a production environment.

10.1 PHP-FPM

Der Autor schlägt vor:Starting with ISPConfig 3.0.5, there is an additional PHP mode that you can select for usage with Apache: PHP-FPM.

To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows:

mod_fastcgi is available from a third-party repository which we can enable it as follows:

Before we start PHP-FPM, rename /etc/php5/fpm/php-fpm.conf.default to /etc/php5/fpm/php-fpm.conf:

mv /etc/php5/fpm/php-fpm.conf.default /etc/php5/fpm/php-fpm.conf

Change the permissions of PHP's session directory:

chmod 1733 /var/lib/php5

Then open /etc/php5/fpm/php-fpm.conf...

vi /etc/php5/fpm/php-fpm.conf

... and change error_log to /var/log/php-fpm.log:

[...]error_log = /var/log/php-fpm.log[...]

There's no php.ini file for PHP-FPM under OpenSUSE 13.1, therefore we copy the CLI php.ini:

cp /etc/php5/cli/php.ini /etc/php5/fpm/

Next open /etc/php5/fpm/php.ini...

vi /etc/php5/fpm/php.ini

... and set cgi.fix_pathinfo to 0:

[...]; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting; of zero causes PHP to behave as before. Default is 1. You should fix your scripts; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.; php.net/cgi.fix-pathinfocgi.fix_pathinfo=0[...]

Next create the system startup links for php-fpm and start it:

systemctl enable php-fpm.servicesystemctl start php-fpm.service

PHP-FPM is a daemon process that runs a FastCGI server on port 9000, as you can see in the output of

netstat -tapn

Next enable the following Apache modules...

a2enmod actionsa2enmod fastcgia2enmod alias

... and restart Apache:

systemctl restart apache2.service.

11 Install PureFTPd

ob wir das später aktivieren, ist noch nicht raus.

Install the pure-ftpd FTP daemon. Run:

zypper install pure-ftpd

systemctl enable pure-ftpd.servicesystemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

zypper install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

joe /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1 (wir wollen beides haben):

TLS 1

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

WARNING: The file "config/config.php" was found, but it is for an older version of SquirrelMail. It is possible to still read the defaults from this file but be warned that many preferences change between versions. It is recommended that you start with a clean config.php for each upgrade that you do. To do this, just move config/config.php out of the way.

SquirrelMail Configuration : Read: config.php---------------------------------------------------------While we have been building SquirrelMail, we have discovered somepreferences that work better with some servers that don't work sowell with others. If you select your IMAP server, this option willset some pre-defined settings for that server.

Please note that you will still need to go through and make sureeverything is correct. This does not change everything. There areonly a few settings that this will change.

SquirrelMail Configuration : Read: config.php---------------------------------------------------------While we have been building SquirrelMail, we have discovered somepreferences that work better with some servers that don't work sowell with others. If you select your IMAP server, this option willset some pre-defined settings for that server.

Please note that you will still need to go through and make sureeverything is correct. This does not change everything. There areonly a few settings that this will change.

19 ISPConfig 3

Before we install ISPConfig 3, make sure that the /var/vmail/ directory exists:

mkdir /var/vmail/

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of . To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

Generating a 2048 bit RSA private key.......................................................+++.................................................+++writing new private key to 'smtpd.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]: <-- ENTERState or Province Name (full name) [Some-State]: <-- ENTERLocality Name (eg, city) []: <-- ENTEROrganization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTEROrganizational Unit Name (eg, section) []: <-- ENTERCommon Name (eg, YOUR name) []: <-- ENTEREmail Address []: <-- ENTERConfiguring JailkitConfiguring DovecotConfiguring SpamassassinConfiguring AmavisdConfiguring GetmailConfiguring PureftpdConfiguring BINDConfiguring ApacheConfiguring VloggerConfiguring Apps vhostConfiguring Bastille FirewallConfiguring Fail2banInstalling ISPConfigISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus........++.....................................++e is 65537 (0x10001)You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]: <-- ENTERState or Province Name (full name) [Some-State]: <-- ENTERLocality Name (eg, city) []: <-- ENTEROrganization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTEROrganizational Unit Name (eg, section) []: <-- ENTERCommon Name (eg, YOUR name) []: <-- ENTEREmail Address []: <-- ENTER

Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []: <-- ENTERAn optional company name []: <-- ENTERwriting RSA keyConfiguring DBServerInstalling ISPConfig crontabno crontab for rootno crontab for getmailRestarting services ...redirecting to systemctlredirecting to systemctlredirecting to systemctlredirecting to systemctlredirecting to systemctlredirecting to systemctlredirecting to systemctlredirecting to systemctlInstallation completed.server1:/tmp/ispconfig3_install/install #

weiter mit ... lieber nicht ..

--------------------------------------------------------------------------Open /etc/suphp.conf...vi /etc/suphp.conf... and make sure that it contains x-httpd-suphp="php:/srv/www/cgi-bin/php"anstelle vonx-httpd-suphp="php:/srv/www/cgi-bin/php5"towards the end of the file: (nur die 5 am Ende muss weg!!)[...][handlers];Handler for php-scriptsx-httpd-suphp="php:/srv/www/cgi-bin/php"[...]--------------------------------------------------------------------------

Zusatzinformationen und Links

19.1 ISPConfig 3 Manual

In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual.

On about 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.

19.2 ISPConfig Monitor App For Android

With the ISPConfig Monitor App, you can check your server status and find out if all services are running as expected. You can check TCP and UDP ports and ping your servers. In addition to that you can use this app to request details from servers that have ISPConfig installed (please note that the minimum installed ISPConfig 3 version with support for the ISPConfig Monitor App is 3.0.3.3!); these details include everything you know from the Monitor module in the ISPConfig Control Panel (e.g. services, mail and system logs, mail queue, CPU and memory info, disk usage, quota, OS details, RKHunter log, etc.), and of course, as ISPConfig is multiserver-capable, you can check all servers that are controlled from your ISPConfig master server.